AES stands for Advanced Encryption Standard, and it’s one of the most reliable encryption tools available to users of the internet. Although the standard is almost 20 years old, it continues to evolve, and has the power of the US government backing it up. With high levels of security, speed and support, it looks set to remain the major security standard for intelligence agencies and many VPNs alike.

When you surf the web picking services like VPNs, you’ll almost certainly see AES 128 or 256 offered as an encryption standard. But AES encryption isn’t the only game in town when it comes to protecting your data. So let’s dig deeper and find out more about this global security standard, and ask whether it continues to deliver the encryption web users demand.

Understanding AES encryption: the basics

As we noted at the outset, AES stands for “Advanced Encryption Standard”. By encryption, we refer to processes used to turn messages or other data into a form that cannot be understood by those who aren’t supposed to access it.

Since the internet was conceived, hackers have sought to access private emails and files, and organizations like universities, companies and the state have naturally sought to protect their transmissions.

The Advanced Encryption Standard emerged in 2001 from America’s National Institute of Standards and Technology. As the internet became globalized and almost universal, US administrators (and intelligence agencies) wanted to create mainstream encryption tools that were incredibly hard to crack.

Previously, online organizations had largely relied on DES (Data Encryption Standard), but throughout the 1990s, DES was steadily unmasked as utterly insufficient for modern cybersecurity. With just 56 bit encryption, DES keys could be cracked in a matter of seconds. So something more robust was obviously required.

NIST ran a competition around the turn of the millennium, and security researchers across the world submitted their suggestions for the new AES standard. The option chosen was a “symmetric key” encryption system developed by a pair of Belgian researchers. By 2005, it had been adopted by agencies like the NSA, corporations like Microsoft, and was increasingly being mainstreamed into privacy functions like firewalls and VPNs.

The original version of AES was known as AES 128, due to its use of 128-bit encryption codes. However, it has since been joined by 192 and 256 bit alternatives, which may offer even more protection. AES 128 hasn’t exactly been forced out of use, but it’s not the only AES option – something to remember.

What is AES used for?

Nowadays, AES 128 and AES 256 are used in a variety of applications. For instance, they have been incorporated into compression tools like WinZip, adding an extra degree of protection into their systems.

The way that data is compressed on disk partitions can also employ AES-based techniques. That way, not only is space saved on hard disks, but security is enhanced as well. That’s especially handy for corporate or government network servers.

Finally, VPNs are also major users of AES. Virtual Private Networks often use AES to compress data sent via their “tunnels”, ensuring privacy for their subscribers.

How encryption via AES works

When you use AES, it employs an algorithm to turn messages into ciphers, so it probably helps to quickly define cipher before outlining how a step by step encryption might work.

When we define cipher, we generally refer to the steps require to carry out a full encryption. Ciphers involve encoding messages via “keys”, which result in fully encrypted information. In the case of all AES systems, text is converted into 128-bit hexadecimal ciphers.

To complete these ciphers, messages then need to be processed through a series of “rounds.” With AES-128, there are 10 rounds of encryption, compared with 14 for AES-256. At each stage, the specific AES keys act on the cipher, adding another layer of complexity.

Each round takes time and computing power. This has consequences in terms of processing speed and efficiency. So AES 256 will be more secure than AES 128, but it will also be slower. This often leads to a need to trade off speed against security – although don’t be fooled, all forms of AES are still deemed secure.

In AES, the keys used as called “symmetric.” This is extremely important. Essentially, it means that the keys used to encrypt and decrypt information under AES must be held by both the sender and the recipient.

This leads on to a critical feature of all AES systems: the need to ensure that keys are distributed across the network of users. This doesn’t apply to “asymmetric” encryption systems, where data is encrypted via a private key, and decrypted using a public key. In any AES example, users will have to take steps to secure and distribute keys safely.

A quick AES encryption example

To understand these complexities in a bit more detail, it probably helps to run through an AES encryptionexample. This is a simplified version of the process, which involves in-depth mathematics and numerous AES algorithm steps, but it should get the point across.

The most simplified AES example step by step would go something like this:

  1. The secret key and a plain text message are mixed together to form a 128 bit cipher.
  2. The 128, 192 or 256 bit key cipher is applied to the input text, and then becomes part of an AES array.
  3. The array is then subjected to the algorithm used to encrypt material under AES. This involves transforming that material across a series of rounds: 10 with AES 128, 12 with AES 192, and 14 with AES 256.
  4. The first set of transformations involves the use of Substitution Tables.
  5. The second set of transformations manipulates the data rows of the material being encrypted.
  6. The next set mixes up the columns in the material.
  7. Finally, the last set of transformations injects an element of randomization via an XOR function.
  8. The finished product can only be decrypted by using the key which governed the AES algorithm stepslisted above. The exact number of transformations varies, but the general stages listed are common to all AES based ciphers.

As noted earlier, that is really just a simplified AES example step by step guide, but it gives a good idea of the way that data is manipulated across multiple steps. Think of it as a little like a Rubick’s Cube, where only you and the recipient have the formula for reversing the rotations and twists put on the colors of the cube.

Is AES still the most secure encryption option around?

Despite being created in 2001, time has been very kind to the AES standard, and it continues to be one of the primary ciphers in use across the world.

As far as we know, nobody has been able to reliably crack an AES 256 cipher, including the NSA, who rely on AES ciphers to keep their transmissions secure. Naturally, we can’t be certain about this (would the NSA necessarily be open about it if they had cracked AES?) but most experts agree that AES continues to offer excellent protection.

Just to give an idea of how long it would take to “brute force” a normal AES cipher, some calculations have found that it would take the most powerful supercomputers around 150 trillion years to crack the AES cipher.

With quantum computing and other new technologies on the horizon, that will change, but there’s no doubting that AES itself remains relatively secure, which is why VPNs use it all over the world.

However, remember how we discussed that AES is a “symmetric” encryption system? This means that encryption keys must be distributed to all users, and this is where AES is potentially vulnerable. So don’t assume that AES guarantees rock solid privacy. When using any online service, their security systems need to be watertight to make sure encryption keys are secured at all times.